Events

Last week, I joined about 40,000 people at the AWS re:Invent. While clearly AWS- focused, the conference has become the leading cloud, and maybe even the leading infrastructure, event. With information on cloud and DevOps in sessions and on the show floor, it was great to be there. There was also the bonus of having the Gartner Identity and Access Management (IAM) Summit in Vegas during the same week, and I’ll include some details on that below.

Demoing New Capabilities

Product management, product marketing and our systems engineers took the opportunity to talk to many developers and IT professionals at re:Invent, and we gained helpful insights about some of the immediate and emerging security challenges that customers face and want CyberArk to address. More to come on that in 2018. We also got very positive responses from our demo of the Conjur secrets management solution for DevOps, especially showing off the UI and then switching into code. There was a lot of interest in the Open Source version. We also demoed our integrations with AWS ,including the CyberArk Amazon Machine Images (AMI) and Cloud Formation Templates (CFT), and the recently announced integration of the Enterprise Password Vault with AWS CloudWatch that automatically on-boards SSH keys for newly created instances.

Security Is A Priority – But Not Everyone Addressing

While there was significant emphasis on security at the event, AWS continues to emphasize the shared responsibility model. AWS announced several enhancements to its identity and security offerings, but it struck me that there are still some major, unaddressed gaps in cloud and DevOps security awareness and needs. Moreover, even heightened awareness of the vulnerabilities does not always drive remedial action.

The good news, for you, is that if you’re reading this post you probably know CyberArk, in which case you are likely already ahead of many of your peers. I had the opportunity to speak to several very knowledgeable and savvy developers and cloud engineers at re:Invent. My impression was that while there is tremendous interest in learning more about securing cloud workloads and DevOps environments, many organizations have a long way to go. For example, I spoke with several people that still hardcode credentials, secrets and access keys; others are stringing together multiple tools and environments to store their secrets. These security gaps are significant. But, if you’ve evaluated the Conjur Community Edition (available at conjur.org at no cost), or if you already use CyberArk Conjur, CyberArk Enterprise Password Vault or other CyberArk solutions, you are likely on the right track to address your organization’s cloud and hybrid security concerns. If not, please reach out to us.

Expanding AWS Capabilities

No surprises here, but AWS continues to aggressively expand its platform and offerings, including several developer focused offerings, APIs, and integrated tools such as the browser-based AWS Cloud9 Integrated Development Environment (IDE), and the expansion of AWS Lambda, serverless computing capabilities. AWS also announced significant expansion of its Machine Learning (ML) capabilities with Amazon SageMaker and Artificial Intelligence (AI) capabilities with AWS Rekognition as well as video analysis for live streaming and translation services (which tie back to ML and AI). These initiatives aim to make powerful ML and AI capabilities accessible to developers across a range of organizations. While these new AWS capabilities have some of the same security needs as other cloud based services (S3, EC2, etc.), they each likely require vast amounts of data – which IT and security professionals will need to protect. Innovative companies will leverage these capabilities to offer new services, and of course, AWS is motivated to increase adoption of cloud-based services. These new capabilities have the potential to accelerate an enterprise’s cloud journey, but also potentially expose new security needs to address. Our goal is to be ready for you at each stage of your cloud journey.

For more detail on the developer highlights, refer to “AWS re:Invent Recap – Amazon Lures Developers With New Tools And APIs” by Janakiram MSV — published in Forbes.

Gartner IAM

Cloud and DevOps topics were also front and center at the Gartner Identity and Access Management (IAM) Summit. Attendees explored how both market and technology forces are shaping the future of IAM, and participated in deep dives on topics ranging from analytics and blockchain, to artificial intelligence and microservices. A few of the highlights included a session by Gartner Research Director Felix Gaehtgens, “Manage Privileged Access to Reduce Security Risks and Increase Agility,” that covered privileged access management (PAM) fundamentals, an overview of available tools and a peek at technologies along the PAM maturity curve. Additionally, Research VP Lori Robinson’s session, “Protect the Keys to the Kingdom! Secure Privileged Access in an IaaS Environment,” honed in on privileged access as an essential security control in IaaS environments for risk mitigation.

A colleague and I presented “CyberArk: Privileged Related Risks Lurking in Your Cloud? Halt Stealthy Threats” at the Summit. The slides are available here.

Making Security a Priority

Bottom line – it was a very enlightening and productive week in Vegas with the two conferences, where it was clear that identity and security for cloud and DevOps will continue to be a top-of-mind priority for enterprises. On a side note, at the parent teacher conference I attended this week, I discovered my high school senior’s programing class uses the AWS Cloud9 development environment – no surprise, but security isn’t yet on their agenda. I think (hope) we all know it needs to be on the top of ours!

For additional information, please visit Cyberark.com/cloud, or to download the open source edition of our secrets management solution visit conjur.org.

With record-breaking attendance and a jam-packed agenda of thought-provoking keynotes, technical sessions, tutorials and seminars, this year’s RSA Conference was not one to miss. Everywhere you turned, there was something new to learn and see—from debating about how artificial intelligence and machine learning could shape the industry’s future, to meeting young startups approaching security challenges in interesting new ways, to participating in lively technical discussions with peers and partners. With more than 43,000 people in attendance, I can’t help but wonder if, after 26 years, it is time to move the RSA Conference to Vegas!?

Just like the conference, there wasn’t a dull moment at the CyberArk booth. After kicking off the show by announcing our new insider threat detection capabilities, we hosted record numbers of attendees for one-on-one demos, small group discussions and partner presentations with several of our C3 Alliance members. Throughout the week, one thing was clear: Organizations have graduated from the education stage and fully understand that privilege is the one constant in the cyber attack lifecycle.

Throughout the week, several buzzwords and hot topics topped the charts:

Insider Threats: An insider who has gained access to privileged credentials can initiate seemingly legitimate privileged user sessions, making it incredibly difficult to detect. Our newly announced capability automatically analyzes all privileged users’ session activity to instantly identify high-risk activity and alert security teams to a potential incident before it’s too late. By automating this process and detecting more threats faster, organizations can gain an opportunity to disrupt inside attackers—and careless users—before these incidents turn into costly, reportable breaches.

Endpoint: The vast majority of advanced attacks start at the endpoint when attackers breach the perimeter and target credentials. To help organizations better detect and contain cyber attacks, we’ve combined targeted analytics with proven privilege management and application control capabilities—so that organizations can effectively lock-down privileges on the endpoint without impacting productivity.

Cloud Migration: Accelerated cloud migration requires IT leaders to implement more effective risk management strategies from the start in order to better protect against advanced threats. We can help to eliminate the security gaps across public, private, hybrid cloud and SaaS environments by protecting all privileged accounts—wherever they are.

These topics were also highlighted in Brandon Traffanstedt’s RSA session entitled “The Privilege Connection: Cloud, DevOps and Stopping Advanced Threats.” During this talk, he outlined best practices for reducing the attack surface by securing privileged accounts across the enterprise—on-premises, in the cloud and on endpoints, as well as privileged credentials used by DevOps automation and orchestration tools.

Rounding out the week was CyberArk CEO Udi Mokady’s appearance on the panel, “Meet the Leaders of the Startup Nation.” He, along with a panel of industry experts, ex-intelligence officers and leading academics, talked about how Israel became known as the “Startup Nation.”

To top it all off, we received an SC Award for Best Identity Management Solution. We couldn’t be more proud of our team and are honored to be recognized by the SC Awards for this commitment to innovation and product excellence.

Thanks to our customers, partners and team, RSA 2017 is a show we won’t soon forget. See you next year.

We recently kicked off a new webcast series, On the Front Lines. Led by our team of system engineer experts, these webcasts take place on Tuesdays at 2:00 p.m. EDT offering information on cyber security trends, technical details on security exploits involving privileged accounts and actionable insights on improving privileged access controls.

Over the past few weeks, we’ve examined the exploitation of privileged accounts in today’s most damaging advanced attacks; discussed how privilege management plays a critical role in preventing credential theft and lateral movement; explored an innovative new approach to combating ransomware; and outlined steps for jump-starting a privileged account security program.

Here’s a quick look at our upcoming sessions for September:

September 13: Detect & Respond to Attacks on Domain Controllers: An End-to-End Look at Kerberos Attacks

Attackers frequently target Domain Controllers to ultimately gain carte blanche access to an entire organization. Once an attacker has access to a domain administrator credential, they can generate Kerberos tickets to achieve unauthorized, undetected, and often, unfettered access to the enterprise environment. Led by Len Noe, this session will feature a live demonstration of a Golden Ticket attack as well as a discussion around Domain Controller security—including proactive protection, detection and response to attacks that target Domain Controllers. You can register for this webcast here.

Most organizations have 3-4 times more privileged accounts than employees, but where do these privileged accounts exist? Attackers can easily locate your high value users (Domain Admins) and high value assets (Domain Controllers)—can you? Do you understand how to secure them? Join this session with Kevin Ross to learn how CyberArk’s Discovery and Audit tool finds vulnerable privileged credentials, including passwords and SSH keys, and makes suggestions for securing your privileged account environment. You can register for this webcast here.

September 27: CyberArk and Multi-factor Authentication

Multi-factor authentication is an important security control for critical systems. Evan Litwak will discuss how CyberArk integrates with common multi-factor vendors to add additional protection to the heart of the enterprise. This session will also cover ways to extend multi-factor authentication to legacy systems. You can register for this webcast here.

As you work to protect your organization’s most valuable assets, know that you’re not alone. We’re on the front lines offering security insights and solutions that can help you to mitigate risks.

Last week, we spent three action-packed days with our European customers and partners in Barcelona, kicking off the CyberArk Impact 2016 Summit series. Next week, a team from CyberArk will convene in Boston with our Americas customers and partners. These events represent the largest gathering of privileged account security experts globally and provide an opportunity for attendees to discuss the ever-changing cyber security landscape, share stories and learn best practices for bolstering privileged account security. Through interactive sessions and training, attendees learn the most effective ways to protect critical enterprise assets.

Here are six takeaways from last week’s discussions:

Privileged Account Security is an organizational priority: The rise in awareness about advanced threats has prompted many organizations to shore up privileged access controls in order to mitigate risks. In fact, it has become a top organizational priority for a growing number of companies in recent years.

Enterprise-wide initiatives are challenging: Taking the time to fully develop a strategy and business case is critical in order to overcome any obstacles.

Knowledge-sharing is critical: Cyber attacks have reached a level of sophistication that allows attackers to potentially evade existing security controls and access privileged credentials. Peer-to-peer guidance is invaluable in the fight against cyber attacks.

Stakeholder engagement is key: Typical of any comprehensive project, it’s important to secure to buy-in to what you and your team aim to achieve. Engage with stakeholders on a regular basis. In the words of one of our speakers, ‘it’s useful to have a big guy with a hammer’ too.

Demonstrate value through milestones: Think about how privileged account security integrates within a wider environment; chances are, it’s not feasible to get the whole infrastructure under control immediately, but it is important to show value quickly. Set early goals in conjunction with business partners, define phases to minimize business disruption and capitalize on initial successes by creating blueprints for repeatable processes.

Establish metrics that matter: It is crucial to define the reduction in risk the project will achieve. Senior management, the board of directors and other key stakeholders used to simply ask for assurances that things were okay – but not anymore. Now, they need risk reduction and breach scenarios to be explained. Establish metrics that they can understand, and use the metrics to steer course corrections, measure control efficiency, and assess the impact of controls on system availability and application performance.

Achieving the right balance between enabling and restricting high-levels of access to information assets is difficult, but necessary. By convening to share insights and collaborating with one another regularly, best practices emerge to address the ever changing security landscape. Next week’s event marks our 10th Annual Summit for the Americas. We look forward to the ongoing dialogue.

Regular readers of the CyberArk blog know that this year’s RSA Conference was jam packed for our team with news of new products and innovation, exciting new initiatives with our partners and meetings with customers and prospects. We had a record number of attendees visit the CyberArk booth, seeking ways to mitigate risk and proactively protect against stolen privileged credentials, Kerberos attacks, malicious insiders, Golden Ticket attacks and Pass-the-Hash attacks.

We also invited conference attendees to enter a sweepstakes for this year’s booth prize.
We decided to try something different this year. Our booth sweepstakes offered a chance for one lucky person to win $10,000 to be donated to a charity of his or her choice. The idea was well-received, with many attendees commenting on the refreshing change from the usual conference giveaways.

Cathy explains, “I am a breast cancer survivor, and I know too many people whose lives have been touched by cancer. I can’t sit still and not take action against this disease that has hurt so many. That’s why I participate in the American Cancer Society Relay for Life. Relay For Life is my opportunity to celebrate loved ones who have won their battle against cancer, remember those no longer with us, and fight back against this disease that robs so many of so much. The money donated by CyberArk to Relay for Life will bring us one step closer to a world with less cancer and more birthdays.”

Thank you, Cathy, for sharing your story and for donating to the American Cancer Society, an important organization supporting cancer research, patient services, early detection, treatment and education.